Posted to dev@sling.apache.org by Reto Bachmann-Gmür <re...@trialox.org> on 2009/01/27 18:19:55 UTC

Sling - OSGi LogService Implementation and permissions

Hello

We're using the Sling - OSGi LogService Implementation partially in code
running as a subject. The problem is that for this to work we have to
assign read and write rights on the log-file to all users. Otherwise we
get an exception like the following:

27.01.2009 18:09:08.491 *INFO* [btpool3-0 - /kl] org.trialox.platform.security.auth.AuthenticatingFilter SecurityException: {} java.security.AccessControlException: access denied (java.io.FilePermission /home/reto/trialox-workspace/default/org.trialox.cms.launchpad/target/sling/logs/error.log read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.File.length(File.java:846)
    at org.apache.sling.commons.log.slf4j.SlingLoggerWriter.checkRotate(SlingLoggerWriter.java:308)


I was wondering if it wouldn't be reasonable to have the logger do the
file access in an AccessController.doPrivileged section, so that the
respective permissions only have to be granted to the codebase and not
to the users as well.

Cheers,
Reto

Re: Sling - OSGi LogService Implementation and permissions

Posted by Reto Bachmann-Gmür <re...@trialox.org>.
Hi Felix

I just noted that the problem is still there after the latest snapshot
deployment.

Should I submit an issue somewhere, and/or would a patch with the
solution you describe be appreciated?

Regards,
Reto

Felix Meschberger said the following on 01/27/2009 09:42 PM:
> Hi Reto,
>
> I am somewhat reluctant to have each logging call do this privileged
> stuff. How about the following solution:
>
> The SlingLoggerWriter.createWriter method is responsible for creating the
> actual writer. If the system has a SecurityManager, a PrivilegedWriter
> is wrapped around the underlying OutputStreamWriter(FileOutputStream),
> which does the privileged stuff. If the system has no SecurityManager,
> no such PrivilegedWriter is added.
>
> In addition, as you note, the SlingLoggerWriter.checkRotate must be
> enhanced to check the SecurityManager before rotating the file(s).
>
> WDYT?
>
> Regards
> Felix


Re: Sling - OSGi LogService Implementation and permissions

Posted by Reto Bachmann-Gmür <re...@trialox.org>.
Hi Felix,

This sounds like an optimized solution to solve the problem :).

A possible alternative might be to exchange the writer on the first
AccessControlException; this would prevent doPrivileged blocks
when no principal-based authorization is done. I must admit that
I have no idea about the performance implications of entering a
privileged section.

Cheers,
Reto



Re: Sling - OSGi LogService Implementation and permissions

Posted by Felix Meschberger <fm...@gmail.com>.
Hi Reto,

I am somewhat reluctant to have each logging call do this privileged
stuff. How about the following solution:

The SlingLoggerWriter.createWriter method is responsible for creating the
actual writer. If the system has a SecurityManager, a PrivilegedWriter
is wrapped around the underlying OutputStreamWriter(FileOutputStream),
which does the privileged stuff. If the system has no SecurityManager,
no such PrivilegedWriter is added.

In addition, as you note, the SlingLoggerWriter.checkRotate must be
enhanced to check the SecurityManager before rotating the file(s).

WDYT?

Regards
Felix


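
The wrapper approach proposed in this thread, sketched as an added example; it is not part of the original messages and is not Sling's code. The class name PrivilegedLogWriter and the helpers createWriter, length and privileged are hypothetical, and the sketch assumes a JVM where SecurityManager is still usable (the API is deprecated for removal since Java 17).

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical sketch; names are illustrative, not taken from Sling.
public class PrivilegedLogWriter extends Writer {
    private final Writer delegate;
    private PrivilegedLogWriter(Writer delegate) { this.delegate = delegate; }

    // Wrap only when a SecurityManager is installed, as proposed in the thread.
    // The path comes from the logger's own configuration, never from the
    // caller, so the privileged blocks cannot be steered at another file.
    public static Writer createWriter(final File logFile) throws IOException {
        if (System.getSecurityManager() == null) {
            return new OutputStreamWriter(new FileOutputStream(logFile, true), "UTF-8");
        }
        // The FileOutputStream constructor performs the write-permission check.
        return new PrivilegedLogWriter(privileged(() ->
            new OutputStreamWriter(new FileOutputStream(logFile, true), "UTF-8")));
    }

    // The File.length() call that failed in the stack trace, run with the
    // logger code base's permissions instead of the calling subject's.
    public static long length(final File logFile) {
        return AccessController.doPrivileged((PrivilegedAction<Long>) logFile::length);
    }

    @Override public void write(char[] buf, int off, int len) throws IOException {
        privileged(() -> { delegate.write(buf, off, len); return null; });
    }
    @Override public void flush() throws IOException {
        privileged(() -> { delegate.flush(); return null; });
    }
    @Override public void close() throws IOException {
        privileged(() -> { delegate.close(); return null; });
    }

    // Runs one I/O action privileged and unwraps the checked IOException.
    private static <T> T privileged(PrivilegedExceptionAction<T> action) throws IOException {
        try {
            return AccessController.doPrivileged(action);
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }
}
```

With this shape the FilePermission grant for the log file goes to the logger's code base only, and each privileged block contains a single fixed I/O call rather than any caller-supplied logic.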